FireFox - IE Exploit Heads up - Mozilla

This is a discussion on FireFox - IE Exploit Heads up - Mozilla ; http://isc.sans.org/diary.html?storyid=3121 And http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511 Lovely.........

+ Reply to Thread
Page 1 of 2 1 2 LastLast
Results 1 to 20 of 34

Thread: FireFox - IE Exploit Heads up

  1. FireFox - IE Exploit Heads up


  2. Re: FireFox - IE Exploit Heads up

    On 12.07.2007 08:51, CET - what odd quirk of fate caused
    stephen.novell@gmail.com to generate the following:? :
    > http://isc.sans.org/diary.html?storyid=3121
    >
    > And
    >
    > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >
    > Lovely......
    >
    >

    now you understand why I'm still running FF 1.5.0.9 :-P
    Updates?? Security fixes?? hmmmmm...

    reg

  3. Re: FireFox - IE Exploit Heads up

    squaredancer wrote:
    > On 12.07.2007 08:51, CET - what odd quirk of fate caused
    > stephen.novell@gmail.com to generate the following:? :
    >> http://isc.sans.org/diary.html?storyid=3121
    >>
    >> And
    >>
    >> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>
    >> Lovely......
    >>
    >>

    > now you understand why I'm still running FF 1.5.0.9 :-P
    > Updates?? Security fixes?? hmmmmm...
    >
    > reg

    An interesting thread but with limited meaning to readers not familiar
    with those links and if they are likely to cause problems by going to
    them or if they are valid information links that are safe to visit. An
    explanation would be helpful to readers not familiar with those
    particular links.

    James

  4. Re: FireFox - IE Exploit Heads up

    James wrote:
    > squaredancer wrote:
    >> On 12.07.2007 08:51, CET - what odd quirk of fate caused
    >> stephen.novell@gmail.com to generate the following:? :
    >>> http://isc.sans.org/diary.html?storyid=3121
    >>>
    >>> And
    >>>
    >>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>>
    >>> Lovely......
    >>>
    >>>

    >> now you understand why I'm still running FF 1.5.0.9 :-P
    >> Updates?? Security fixes?? hmmmmm...
    >>
    >> reg

    > An interesting thread but with limited meaning to readers not familiar
    > with those links and if they are likely to cause problems by going to
    > them or if they are valid information links that are safe to visit. An
    > explanation would be helpful to readers not familiar with those
    > particular links.
    >

    I disagree. I found the links very useful and explanatory.

    I mean, if you can't trust .gov who can you trust? :_)

    --
    Sailfish - Netscape/Mozilla Champion
    Netscape/Mozilla Tips: http://www.ufaq.org/ , http://ilias.ca/
    mozilla-based Themes: http://www.projectit.com/freestuff.html

  5. Re: FireFox - IE Exploit Heads up

    In ,
    squaredancer wrote:

    >On 12.07.2007 08:51, CET - what odd quirk of fate caused
    >stephen.novell@gmail.com to generate the following:? :
    >> http://isc.sans.org/diary.html?storyid=3121
    >>
    >> And
    >>
    >> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>
    >> Lovely......
    >>
    >>

    >now you understand why I'm still running FF 1.5.0.9 :-P


    No.

    >Updates?? Security fixes?? hmmmmm...


    Because you want to /avoid/ the security fixes?

    --
    »Q«

  6. Re: FireFox - IE Exploit Heads up

    On 7/12/2007 10:15 AM On a whim, Sailfish pounded out on the keyboard

    > James wrote:
    >> squaredancer wrote:
    >>> On 12.07.2007 08:51, CET - what odd quirk of fate caused
    >>> stephen.novell@gmail.com to generate the following:? :
    >>>> http://isc.sans.org/diary.html?storyid=3121
    >>>>
    >>>> And
    >>>>
    >>>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>>>
    >>>> Lovely......
    >>>>
    >>>>
    >>> now you understand why I'm still running FF 1.5.0.9 :-P
    >>> Updates?? Security fixes?? hmmmmm...
    >>>
    >>> reg

    >> An interesting thread but with limited meaning to readers not familiar
    >> with those links and if they are likely to cause problems by going to
    >> them or if they are valid information links that are safe to visit. An
    >> explanation would be helpful to readers not familiar with those
    >> particular links.
    >>

    > I disagree. I found the links very useful and explanatory.
    >
    > I mean, if you can't trust .gov who can you trust? :_)
    >


    And another good reason that everyone should be using NoScript.

    --
    Terry R.
    Anti-spam measures are included in my email address.
    Delete NOSPAM from the email address after clicking Reply.

  7. Re: FireFox - IE Exploit Heads up

    Sailfish wrote:
    > James wrote:
    >> squaredancer wrote:
    >>> On 12.07.2007 08:51, CET - what odd quirk of fate caused
    >>> stephen.novell@gmail.com to generate the following:? :
    >>>> http://isc.sans.org/diary.html?storyid=3121
    >>>>
    >>>> And
    >>>>
    >>>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>>>
    >>>> Lovely......
    >>>>
    >>>>
    >>> now you understand why I'm still running FF 1.5.0.9 :-P
    >>> Updates?? Security fixes?? hmmmmm...
    >>>
    >>> reg

    >> An interesting thread but with limited meaning to readers not familiar
    >> with those links and if they are likely to cause problems by going to
    >> them or if they are valid information links that are safe to visit. An
    >> explanation would be helpful to readers not familiar with those
    >> particular links.
    >>

    > I disagree. I found the links very useful and explanatory.
    >
    > I mean, if you can't trust .gov who can you trust? :_)
    >

    :-/ ROFL!

  8. Re: FireFox - IE Exploit Heads up

    On Jul 12, 12:41 pm, James wrote:
    > squaredancer wrote:
    > > On 12.07.2007 08:51, CET - what odd quirk of fate caused
    > > stephen.nov...@gmail.com to generate the following:? :
    > >>http://isc.sans.org/diary.html?storyid=3121

    >
    > >> And

    >
    > >>http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511

    >
    > >> Lovely......

    >
    > > now you understand why I'm still running FF 1.5.0.9 :-P
    > > Updates?? Security fixes?? hmmmmm...

    >
    > > reg

    >
    > An interesting thread but with limited meaning to readers not familiar
    > with those links and if they are likely to cause problems by going to
    > them or if they are valid information links that are safe to visit. An
    > explanation would be helpful to readers not familiar with those
    > particular links.
    >
    > James


    It's the US Department of Homeland Security..... And SANS.org for
    systems IT and Networking security sites.


  9. Re: FireFox - IE Exploit Heads up

    squaredancer wrote:
    > On 12.07.2007 08:51, CET - what odd quirk of fate caused
    > stephen.novell@gmail.com to generate the following:? :
    >> http://isc.sans.org/diary.html?storyid=3121
    >>
    >> And
    >>
    >> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>
    >> Lovely......
    >>
    >>

    > now you understand why I'm still running FF 1.5.0.9 :-P
    > Updates?? Security fixes?? hmmmmm...
    >
    > reg

    No. I don't. I suppose that just because you CAN get two flats on your
    car, you don't carry a spare tire?
    Same logic.


    --
    Ron Hunter rphunter@charter.net

  10. Re: FireFox - IE Exploit Heads up

    Terry R. wrote:
    > On 7/12/2007 10:15 AM On a whim, Sailfish pounded out on the keyboard
    >
    >> James wrote:
    >>> squaredancer wrote:
    >>>> On 12.07.2007 08:51, CET - what odd quirk of fate caused
    >>>> stephen.novell@gmail.com to generate the following:? :
    >>>>> http://isc.sans.org/diary.html?storyid=3121
    >>>>>
    >>>>> And
    >>>>>
    >>>>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>>>>
    >>>>> Lovely......
    >>>>>
    >>>>>
    >>>> now you understand why I'm still running FF 1.5.0.9 :-P
    >>>> Updates?? Security fixes?? hmmmmm...
    >>>>
    >>>> reg
    >>> An interesting thread but with limited meaning to readers not familiar
    >>> with those links and if they are likely to cause problems by going to
    >>> them or if they are valid information links that are safe to visit. An
    >>> explanation would be helpful to readers not familiar with those
    >>> particular links.
    >>>

    >> I disagree. I found the links very useful and explanatory.
    >>
    >> I mean, if you can't trust .gov who can you trust? :_)
    >>

    >
    > And another good reason that everyone should be using NoScript.
    >

    Surfing the net without Javascript is like surfing Santa Cruz in the
    winter without a wet suit. Sure, it can be done but ... it kinda takes a
    lot of fun out of it :_)

    --
    Sailfish - Netscape/Mozilla Champion
    Netscape/Mozilla Tips: http://www.ufaq.org/ , http://ilias.ca/
    mozilla-based Themes: http://www.projectit.com/freestuff.html

  11. Re: FireFox - IE Exploit Heads up

    On 7/12/2007 2:15 PM On a whim, Sailfish pounded out on the keyboard

    > Terry R. wrote:
    >> On 7/12/2007 10:15 AM On a whim, Sailfish pounded out on the keyboard
    >>
    >>> James wrote:
    >>>> squaredancer wrote:
    >>>>> On 12.07.2007 08:51, CET - what odd quirk of fate caused
    >>>>> stephen.novell@gmail.com to generate the following:? :
    >>>>>> http://isc.sans.org/diary.html?storyid=3121
    >>>>>>
    >>>>>> And
    >>>>>>
    >>>>>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>>>>>
    >>>>>> Lovely......
    >>>>>>
    >>>>>>
    >>>>> now you understand why I'm still running FF 1.5.0.9 :-P
    >>>>> Updates?? Security fixes?? hmmmmm...
    >>>>>
    >>>>> reg
    >>>> An interesting thread but with limited meaning to readers not familiar
    >>>> with those links and if they are likely to cause problems by going to
    >>>> them or if they are valid information links that are safe to visit. An
    >>>> explanation would be helpful to readers not familiar with those
    >>>> particular links.
    >>>>
    >>> I disagree. I found the links very useful and explanatory.
    >>>
    >>> I mean, if you can't trust .gov who can you trust? :_)
    >>>

    >> And another good reason that everyone should be using NoScript.
    >>

    > Surfing the net without Javascript is like surfing Santa Cruz in the
    > winter without a wet suit. Sure, it can be done but ... it kinda takes a
    > lot of fun out of it :_)
    >


    I agree, but after using NoScript for a while, I'm surprised how many
    additional sites want to run scripts besides the one I'm visiting. I
    don't care to let everyone do what they please just because they can.
    Just monitoring it for a while makes one wonder just how much is going
    on without our knowledge.


    --
    Terry R.
    Anti-spam measures are included in my email address.
    Delete NOSPAM from the email address after clicking Reply.

  12. Re: FireFox - IE Exploit Heads up

    Sailfish wrote:
    > Terry R. wrote:
    >> On 7/12/2007 10:15 AM On a whim, Sailfish pounded out on the keyboard
    >>
    >>> James wrote:
    >>>> squaredancer wrote:
    >>>>> On 12.07.2007 08:51, CET - what odd quirk of fate caused
    >>>>> stephen.novell@gmail.com to generate the following:? :
    >>>>>> http://isc.sans.org/diary.html?storyid=3121
    >>>>>>
    >>>>>> And
    >>>>>>
    >>>>>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>>>>>
    >>>>>> Lovely......
    >>>>>>
    >>>>>>
    >>>>> now you understand why I'm still running FF 1.5.0.9 :-P
    >>>>> Updates?? Security fixes?? hmmmmm...
    >>>>>
    >>>>> reg
    >>>> An interesting thread but with limited meaning to readers not familiar
    >>>> with those links and if they are likely to cause problems by going to
    >>>> them or if they are valid information links that are safe to visit. An
    >>>> explanation would be helpful to readers not familiar with those
    >>>> particular links.
    >>>>
    >>> I disagree. I found the links very useful and explanatory.
    >>>
    >>> I mean, if you can't trust .gov who can you trust? :_)
    >>>

    >>
    >> And another good reason that everyone should be using NoScript.
    >>

    > Surfing the net without Javascript is like surfing Santa Cruz in the
    > winter without a wet suit. Sure, it can be done but ... it kinda takes a
    > lot of fun out of it :_)
    >


    Surely you didn't notice that what NoScript really allows is to deny
    Javascript by default on all sites and let you enable permanently or
    temporarily the ones you trust individually with just two mouse clicks.
    Once you make yourself a respectable white-list you can even backup it
    and import on other computers.

  13. Re: FireFox - IE Exploit Heads up

    Sailfish wrote:
    > James wrote:
    >> squaredancer wrote:
    >>> On 12.07.2007 08:51, CET - what odd quirk of fate caused
    >>> stephen.novell@gmail.com to generate the following:? :
    >>>> http://isc.sans.org/diary.html?storyid=3121
    >>>>
    >>>> And
    >>>>
    >>>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>>>
    >>>> Lovely......
    >>>>
    >>>>
    >>> now you understand why I'm still running FF 1.5.0.9 :-P
    >>> Updates?? Security fixes?? hmmmmm...
    >>>
    >>> reg

    >> An interesting thread but with limited meaning to readers not familiar
    >> with those links and if they are likely to cause problems by going to
    >> them or if they are valid information links that are safe to visit. An
    >> explanation would be helpful to readers not familiar with those
    >> particular links.
    >>

    > I disagree. I found the links very useful and explanatory.
    >
    > I mean, if you can't trust .gov who can you trust? :_)
    >

    Wellll... the combination bill gates/gov may supply a lot of surprises....

  14. Re: FireFox - IE Exploit Heads up

    Andrés M. wrote:
    > Sailfish wrote:
    >> Terry R. wrote:
    >>> On 7/12/2007 10:15 AM On a whim, Sailfish pounded out on the keyboard
    >>>
    >>>> James wrote:
    >>>>> squaredancer wrote:
    >>>>>> On 12.07.2007 08:51, CET - what odd quirk of fate caused
    >>>>>> stephen.novell@gmail.com to generate the following:? :
    >>>>>>> http://isc.sans.org/diary.html?storyid=3121
    >>>>>>>
    >>>>>>> And
    >>>>>>>
    >>>>>>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>>>>>>
    >>>>>>> Lovely......
    >>>>>>>
    >>>>>>>
    >>>>>> now you understand why I'm still running FF 1.5.0.9 :-P
    >>>>>> Updates?? Security fixes?? hmmmmm...
    >>>>>>
    >>>>>> reg
    >>>>> An interesting thread but with limited meaning to readers not familiar
    >>>>> with those links and if they are likely to cause problems by going to
    >>>>> them or if they are valid information links that are safe to
    >>>>> visit. An
    >>>>> explanation would be helpful to readers not familiar with those
    >>>>> particular links.
    >>>>>
    >>>> I disagree. I found the links very useful and explanatory.
    >>>>
    >>>> I mean, if you can't trust .gov who can you trust? :_)
    >>>>
    >>>
    >>> And another good reason that everyone should be using NoScript.
    >>>

    >> Surfing the net without Javascript is like surfing Santa Cruz in the
    >> winter without a wet suit. Sure, it can be done but ... it kinda takes
    >> a lot of fun out of it :_)
    >>

    >
    > Surely you didn't notice that what NoScript really allows is to deny
    > Javascript by default on all sites and let you enable permanently or
    > temporarily the ones you trust individually with just two mouse clicks.
    > Once you make yourself a respectable white-list you can even backup it
    > and import on other computers.


    Sure, but that's more work on my part. Using the same analogy, it like
    going winter surfing with a wet suit but one size too small.

    --
    Sailfish - Netscape/Mozilla Champion
    Netscape/Mozilla Tips: http://www.ufaq.org/ , http://ilias.ca/
    mozilla-based Themes: http://www.projectit.com/freestuff.html

  15. Re: FireFox - IE Exploit Heads up

    Sjouke Burry wrote:
    > Sailfish wrote:
    >> James wrote:
    >>> squaredancer wrote:
    >>>> On 12.07.2007 08:51, CET - what odd quirk of fate caused
    >>>> stephen.novell@gmail.com to generate the following:? :
    >>>>> http://isc.sans.org/diary.html?storyid=3121
    >>>>>
    >>>>> And
    >>>>>
    >>>>> http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >>>>>
    >>>>> Lovely......
    >>>>>
    >>>>>
    >>>> now you understand why I'm still running FF 1.5.0.9 :-P
    >>>> Updates?? Security fixes?? hmmmmm...
    >>>>
    >>>> reg
    >>> An interesting thread but with limited meaning to readers not familiar
    >>> with those links and if they are likely to cause problems by going to
    >>> them or if they are valid information links that are safe to visit. An
    >>> explanation would be helpful to readers not familiar with those
    >>> particular links.
    >>>

    >> I disagree. I found the links very useful and explanatory.
    >>
    >> I mean, if you can't trust .gov who can you trust? :_)
    >>

    > Wellll... the combination bill gates/gov may supply a lot of surprises....


    chortle

    --
    Sailfish - Netscape/Mozilla Champion
    Netscape/Mozilla Tips: http://www.ufaq.org/ , http://ilias.ca/
    mozilla-based Themes: http://www.projectit.com/freestuff.html

  16. Re: FireFox - IE Exploit Heads up

    On 7/12/2007 4:15 PM Terry R. opined:
    >> Surfing the net without Javascript is like surfing Santa Cruz in the
    >> winter without a wet suit. Sure, it can be done but ... it kinda takes a
    >> lot of fun out of it :_)
    >>

    >
    > I agree, but after using NoScript for a while, I'm surprised how many
    > additional sites want to run scripts besides the one I'm visiting. I
    > don't care to let everyone do what they please just because they can.
    > Just monitoring it for a while makes one wonder just how much is going
    > on without our knowledge.
    >
    >

    Quite a lot actually.
    Surprised?

  17. Re: FireFox - IE Exploit Heads up

    On 2007-07-12, stephen.novell@gmail.com wrote:

    > http://isc.sans.org/diary.html?storyid=3121
    >
    > And
    >
    > http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3511
    >
    > Lovely......


    Do note that this only applies to Windows users who have both IE and
    Firefox installed, and are using IE as their browser, and don't have
    NoScript installed.

    If you're not using Windows, or not using IE as your primary browser, or
    have NoScript installed -- no worries.

    --

    John (john@os2.dhs.org)

  18. Re: FireFox - IE Exploit Heads up

    On 2007-07-12, Sailfish wrote:

    > Terry R. wrote:
    >>
    >> And another good reason that everyone should be using NoScript.


    > Surfing the net without Javascript is like surfing Santa Cruz in the
    > winter without a wet suit. Sure, it can be done but ... it kinda takes a
    > lot of fun out of it :_)


    That's why you use NoScript, instead of globally disabling Javascript.
    Leave Javascript disabled by default, then selectively enable it for the
    sites you trust.

    --

    John (john@os2.dhs.org)

  19. Re: FireFox - IE Exploit Heads up

    On 2007-07-12, Sailfish wrote:

    > Andrés M. wrote:
    >>
    >> Surely you didn't notice that what NoScript really allows is to deny
    >> Javascript by default on all sites and let you enable permanently or
    >> temporarily the ones you trust individually with just two mouse clicks.
    >> Once you make yourself a respectable white-list you can even backup it
    >> and import on other computers.


    > Sure, but that's more work on my part. Using the same analogy, it like
    > going winter surfing with a wet suit but one size too small.


    A mouse click is too much effort for you? Sorry, but that's
    just pathetic. You'd rather leave yourself vulnerable to drive-by
    exploits rather than exerting yourself with a couple mouse clicks to
    build a whitelist of trusted sites. There's the reason why the internet
    so so full of malware and other crap.

    Jeez...

    --

    John (john@os2.dhs.org)

  20. Re: FireFox - IE Exploit Heads up

    On 7/12/2007 6:42 PM On a whim, goodwin pounded out on the keyboard

    > On 7/12/2007 4:15 PM Terry R. opined:
    >>> Surfing the net without Javascript is like surfing Santa Cruz in the
    >>> winter without a wet suit. Sure, it can be done but ... it kinda takes a
    >>> lot of fun out of it :_)
    >>>

    >> I agree, but after using NoScript for a while, I'm surprised how many
    >> additional sites want to run scripts besides the one I'm visiting. I
    >> don't care to let everyone do what they please just because they can.
    >> Just monitoring it for a while makes one wonder just how much is going
    >> on without our knowledge.
    >>
    >>

    > Quite a lot actually.
    > Surprised?


    No, not at all, because I use NoScript ;-)

    --
    Terry R.
    Anti-spam measures are included in my email address.
    Delete NOSPAM from the email address after clicking Reply.

+ Reply to Thread
Page 1 of 2 1 2 LastLast